Denial of Service in SAP NetWeaver AS for Java Http Service Monitoring Filter
CVE-2021-33670
7.5HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 July 2021
What is CVE-2021-33670?
A vulnerability in the Http Service Monitoring Filter of SAP NetWeaver AS for Java allows an attacker to send multiple HTTP requests with different methods. This action can overwhelm the filter, resulting in it crashing and causing the HTTP server to become unavailable for legitimate users, effectively leading to a denial of service scenario.
Affected Version(s)
SAP NetWeaver AS for Java (Http Service) < 7.10 < 7.10
SAP NetWeaver AS for Java (Http Service) < 7.11 < 7.11
SAP NetWeaver AS for Java (Http Service) < 7.20 < 7.20